Merge branch 'Duske-https-support'

* Duske-https-support: Update TLS cert flag name [doc] update README for TLS flags [task] ignore ide/editor files [feat] add basic TLS support for HTTPS registry Create FUNDING.yml
ipdr · Aug 9, 2019 · 40ee23c · 40ee23c
2 parents 0a042d2 + 1d62603
commit 40ee23c
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 6 deletions.
diff --git a/.circleci/run_build_locally.sh b/.circleci/run_build_locally.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+curl --user "${CIRCLE_TOKEN}:" \
+    --request POST \
+     --form revision=0a042d26a7bdb34291c175d8603dbe8bfb21ad7b\
+    --form config=@config.yml \
+    --form notify=false \
+        https://circleci.com/api/v1.1/project/github/miguelmota/ipdr/tree/master
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,2 @@
+github: [miguelmota]
+patreon: miguelmota
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,10 @@
 *.so
 *.dylib
 
+# IDEs/Editors
+.idea
+.vscode
+
 # Test binary, built with `go test -c`
 *.test
 

diff --git a/Makefile b/Makefile
@@ -32,7 +32,7 @@ lint: $(GOMETALINTER)
 ## build: Builds project into an executable binary.
 .PHONY: build
 build:
-	go build -o bin/ipdr cmd/ipdr/ipdr.go
+	go build -o bin/ipdr cmd/ipdr/main.go
 
 ## release: Release a new version. Runs `goreleaser internally.
 .PHONY: release

diff --git a/README.md b/README.md
@@ -256,22 +256,26 @@ make test
 
 ## FAQ
 
-- Q: How can I configure the local registry host or port that IPDR uses when pushing or pulling Docker images?
+- Q: How do I configure the local registry host or port that IPDR uses when pushing or pulling Docker images?
 
   - A: Use the `--docker-registry-host` flag, eg. `--docker-registry-host docker.for.mac.local:5000`
 
-- Q: How can I configure the IPFS host that IPDR uses for pushing Docker images?
+- Q: How do I configure the IPFS host that IPDR uses for pushing Docker images?
 
   - A: Use the `--ipfs-host` flag, eg. `--ipfs-host 127.0.0.1:5001`
 
-- Q: How can I configure the IPFS gateway that IPDR uses for pulling Docker images?
+- Q: How do I configure the IPFS gateway that IPDR uses for pulling Docker images?
 
   - A: Use the `--ipfs-gateway` flag, eg. `--ipfs-gateway https://ipfs.io`
 
 - Q: How can I configure the port for the IPDR registry server?
 
   - A: Use the `--port` flag, eg. `--port 5000`
 
+- Q: How do I setup HTTPS/TLS on the IPDR registry server?
+
+  - A: Use the `--tlsKeyPath` and `--tlsCertPath` flag, eg. ` --tlsKeyPath path/server.key --tlsCertPath path/server.crt`
+
 ## Contributing
 
 Pull requests are welcome!

diff --git a/cmd/ipdr/main.go b/cmd/ipdr/main.go
@@ -34,6 +34,8 @@ func main() {
 	var format string
 	var dockerRegistryHost string
 	var port uint
+	var tlsCertPath string
+	var tlsKeyPath string
 	var silent bool
 
 	rootCmd := &cobra.Command{
@@ -136,8 +138,10 @@ More info: https://github.com/miguelmota/ipdr`,
 		Long:  "Start the IPFS-backed Docker registry server that proxies images stored on IPFS to Docker registry format",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			srv := server.NewServer(&server.Config{
-				Port:  port,
-				Debug: !silent,
+				Port:       port,
+				Debug:      !silent,
+				TLSKeyPath: tlsKeyPath,
+				TLSCrtPath: tlsCertPath,
 			})
 
 			return srv.Start()
@@ -146,6 +150,8 @@ More info: https://github.com/miguelmota/ipdr`,
 
 	serverCmd.Flags().BoolVarP(&silent, "silent", "s", false, "Silent flag suppresses logs")
 	serverCmd.Flags().UintVarP(&port, "port", "p", 5000, "The port for the Docker registry to listen on")
+	serverCmd.Flags().StringVarP(&tlsCertPath, "tlsCertPath", "", "", "The path to the .crt file for TLS")
+	serverCmd.Flags().StringVarP(&tlsKeyPath, "tlsKeyPath", "", "", "The path to the .key file for TLS")
 
 	convertCmd := &cobra.Command{
 		Use:   "convert",

diff --git a/server/server.go b/server/server.go
@@ -19,13 +19,17 @@ type Server struct {
 	listener    net.Listener
 	host        string
 	ipfsGateway string
+	tlsCertPath string
+	tlsKeyPath  string
 }
 
 // Config is server config
 type Config struct {
 	Debug       bool
 	Port        uint
 	IPFSGateway string
+	TLSCertPath string
+	TLSKeyPath  string
 }
 
 // InfoResponse is response for manifest info response
@@ -59,6 +63,8 @@ func NewServer(config *Config) *Server {
 		host:        fmt.Sprintf("0.0.0.0:%v", port),
 		debug:       config.Debug,
 		ipfsGateway: ipfs.NormalizeGatewayURL(config.IPFSGateway),
+		tlsCertPath: config.TLSCertPath,
+		tlsKeyPath:  config.TLSKeyPath,
 	}
 }
 
@@ -171,6 +177,9 @@ func (s *Server) Start() error {
 	}
 
 	s.Debugf("[registry/server] listening on %s", s.listener.Addr())
+	if s.tlsKeyPath != "" && s.tlsCertPath != "" {
+		return http.ServeTLS(s.listener, nil, s.tlsCertPath, s.tlsKeyPath)
+	}
 
 	return http.Serve(s.listener, nil)
 }